<?php /*
	
*/ ?>
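<?php include("inc/head.inc.php");

// Resolve the account id for the logged-in visitor from the session; a member
// id takes precedence over a customer id. The id is later placed unquoted into
// several SQL statements, so it is forced to an integer here:
// mysql_real_escape_string() only protects values that sit inside quotes and
// does nothing for a value used in a numeric position.
if(isset($_SESSION['memberid']) && ($_SESSION['memberid'])!="") {
	$userid=(int)$_SESSION['memberid'];
} else if(isset($_SESSION['custid']) && ($_SESSION['custid'])!="") {
	$userid=(int)$_SESSION['custid'];
} else {
	// No account in the session: redirect and stop. header() alone does not end
	// the script, so without exit the order creation, basket deletion and
	// e-mails further down would still run with $userid undefined.
	header("location:thankyoumessage.php?msg=pperror");
	exit;
}
?>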
<body>
<table width="824" border="0" cellpadding="0" cellspacing="0"  align="center">
  <tr>
    <td class="headerclass"><?php include("inc/top.inc.php") ?></td>
  </tr>
  <tr>
    <td valign="top" class="maincontainer">
		<table width="100%" border="0" cellpadding="0" cellspacing="0">
		  <tr>
		    <td valign="top"  class="leftmenuback"><?php include("inc/left.inc.php") ?></td>
			<td valign="top">
<?php
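// Load the stored address row and the customer record for the current account
// and copy them into the variables the order insert below expects.
// $userid is cast because it is used unquoted in both WHERE clauses.
//pull address details from order stages
$sqlcustadd="select * from tblcustomeradd where intcustomerid=".(int)$userid;
$rescustadd=$n02586916_db->select($sqlcustadd);
//pull customer details from customer table
$sqluserdetails="SELECT * FROM tblcustomers WHERE intcusid=".(int)$userid;
$customerresult=$n02586916_db->select($sqluserdetails);
if(!$rescustadd || !$customerresult) {
	// Fail closed. Previously a missing address row only skipped the assignments;
	// the order insert, basket deletion and confirmation e-mails still ran with
	// undefined values. A redirect is not used because page output has already
	// started at this point.
	error_log("Order completion aborted: no address or customer record for customer ".(int)$userid);
	echo 'Sorry, we could not record your order. Please contact us.';
	exit;
}
//set order vars required
// The same first/last name pair is used for the customer, delivery and billing names.
$varcustomername=$customerresult[0]['varcustfname']." ".$customerresult[0]['varcustlname'];
$vardeliveryname=$varcustomername;
$varbillingname=$varcustomername;
$varcustomertelephone=$customerresult[0]['varcustphone'];
$varcustomeremailid=$customerresult[0]['varcustemail'];
$varcustomerstreetaddress=$rescustadd[0]['varcustomerstreetaddress'];
$varcustomercity=$rescustadd[0]['varcustomercity'];
$varcustomerpostcode=$rescustadd[0]['varcustomerpostcode'];
$varcustomerstate=$rescustadd[0]['varcustomerstate'];
$varcustomercountry=$rescustadd[0]['varcustomercountry'];
$vardeliverystreetaddress=$rescustadd[0]['vardeliverystreetaddress'];
$vardeliverycity=$rescustadd[0]['vardeliverycity'];
$vardeliverypostcode=$rescustadd[0]['vardeliverypostcode'];
$vardeliverystate=$rescustadd[0]['vardeliverystate'];
$vardeliverycountry=$rescustadd[0]['vardeliverycountry'];
$varbillingstreetaddress=$rescustadd[0]['varbillingstreetaddress'];
$varbillingcity=$rescustadd[0]['varbillingcity'];
$varbillingpostcode=$rescustadd[0]['varbillingpostcode'];
$varbillingstate=$rescustadd[0]['varbillingstate'];
$varbillingcountry=$rescustadd[0]['varbillingcountry'];
$varpaymentmethod="PayPal";
// Discount code, order total and shipping value are taken from the session as-is;
// isset() avoids an undefined-index notice and leaves the value null when a key is absent.
// NOTE(review): how these session values are computed is not visible here - confirm
// they are set server-side and cannot be influenced by request parameters.
$discount = isset($_SESSION['discount']) ? $_SESSION['discount'] : null;
$to = isset($_SESSION['total']) ? $_SESSION['total'] : null;
$ship = isset($_SESSION['ship']) ? $_SESSION['ship'] : null;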

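// Store the order header row for this customer and keep its generated id in $orderid.
// NOTE(review): nothing visible on this page confirms with the payment provider
// that a payment was completed; loading the page is enough to store an order with
// payment method "PayPal". Confirm that an earlier step (or inc/head.inc.php)
// verifies the payment server-side before this code runs.
// NOTE(review): reloading the page inserts another order row even after the basket
// has been cleared - confirm whether a guard exists elsewhere.

// shipmethod and totalvalue are written unquoted, so they must be plain numbers.
// Stop here otherwise: the statement would be malformed (or altered) and the rest
// of the page would go on to clear the basket and send e-mails for a failed order.
if(!isset($ship,$to) || !is_numeric($ship) || !is_numeric($to)) {
	error_log("Order completion aborted: shipping or total value is missing or not numeric");
	echo 'Sorry, we could not record your order. Please contact us.';
	exit;
}

// Every text value is escaped before it is quoted. These values come from the
// database and the session, but they were typed in by the customer at some point
// (names, addresses), so a stored apostrophe must not be able to end the string.
$ordertextvalues=array(
	$varcustomername,$varcustomerstreetaddress,$varcustomercity,$varcustomerpostcode,
	$varcustomerstate,$varcustomercountry,$varcustomertelephone,$varcustomeremailid,
	$vardeliveryname,$vardeliverystreetaddress,$vardeliverycity,$vardeliverypostcode,
	$vardeliverystate,$vardeliverycountry,
	$varbillingname,$varbillingstreetaddress,$varbillingcity,$varbillingpostcode,
	$varbillingstate,$varbillingcountry
);
$orderquoted=array();
foreach($ordertextvalues as $ordertextvalue) {
	$orderquoted[]="'".mysql_real_escape_string($ordertextvalue)."'";
}

$insert="INSERT INTO `tblorders` (`intcustomerid`,`varcustomername`,`varcustomerstreetaddress`,`varcustomercity`,`varcustomerpostcode`,`varcustomerstate`,`varcustomercountry`,`varcustomertelephone`,`varcustomeremailid`, `vardeliveryname`,`vardeliverystreetaddress`,`vardeliverycity`,`vardeliverypostcode`,`vardeliverystate`,`vardeliverycountry`,`varbillingname`,`varbillingstreetaddress`,`varbillingcity`, `varbillingpostcode`,`varbillingstate`,`varbillingcountry`,`dtfinished`,`varpaymentmethod`,`discountcode`,`shipmethod`,`totalvalue`) VALUES (".(int)$userid.",".implode(",",$orderquoted).",NOW(),'".mysql_real_escape_string($varpaymentmethod)."','".mysql_real_escape_string($discount)."',".$ship.",".$to.")";
$sqlin=$n02586916_db->insert($insert);
//get order insert id
$orderid=(int)mysql_insert_id();
if($orderid<1) {
	// mysql_insert_id() gives 0 when no row id was generated. Continuing would attach
	// products to order 0, empty the basket and e-mail an order id of 0.
	error_log("Order completion aborted: order insert did not produce an id for customer ".(int)$userid);
	echo 'Sorry, we could not record your order. Please contact us.';
	exit;
}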
			
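// Copy every basket line (and its selected attributes) into the order tables,
// reduce stock, and remove the copied basket attributes.
// Ids and quantities are cast to integers and text/decimal values are escaped and
// quoted, so data read back from the basket tables cannot change the statements.
//select cart items
$basketsql="SELECT tblcustomerbaskets.*, tblproducts.*, tblproddesc.* FROM `tblcustomerbaskets` INNER JOIN `tblproddesc` ON tblcustomerbaskets.intproductid=tblproddesc.intid INNER JOIN `tblproducts` ON tblcustomerbaskets.intproductid=tblproducts.intprodid  WHERE intcustomerid=".(int)$userid;
$basketresult=$n02586916_db->select($basketsql);
// count() on a non-array returns 1 on older PHP, which would run one iteration on
// no data if select() returns a non-array for an empty result.
$basketcount=is_array($basketresult) ? count($basketresult) : 0;
//loop through cart items and insert them into order products table
for($p=0;$p<$basketcount;$p++) {
	$basketrow=$basketresult[$p];
	$productid=(int)$basketrow['intproductid'];
	$quantity=(int)$basketrow['intproductquantity'];
	// NOTE(review): a zero or negative stored quantity is not rejected here - confirm
	// the basket code validates quantities when items are added.
	$finalprice = $basketrow['dectotalprice']*$quantity;
	$insert="INSERT INTO `tblorderproducts` (`intorderid` , `intproductid` , `varproductmodel` ,`varproductname`, `decproductprice`,`decfinalprice`,`intquantity`) 
					VALUES (".(int)$orderid.", ".$productid.",'".mysql_real_escape_string($basketrow['intprodmodel'])."','".mysql_real_escape_string($basketrow['varprodname'])."', '".mysql_real_escape_string($basketrow['dectotalprice'])."',$finalprice,".$quantity.")";
	$into=$n02586916_db->insert($insert);
	$orderproductid=(int)mysql_insert_id();

	//update quantity in stock.
	// Subtract the ordered quantity; the earlier fixed "-1" under-counted any line
	// with a quantity above one.
	$quantupdatesql =  "UPDATE `tblproducts` SET intprodquantity = intprodquantity-".$quantity." WHERE intprodid = ".$productid;
	$quantupdaterun=$n02586916_db->edit($quantupdatesql);

	//select cart attributes
	// Column 0 of the joined row is used as the basket line id, presumably the first
	// column of tblcustomerbaskets - verify against the table definition.
	$attributessql = "SELECT * FROM tblcustmerbasketattributes WHERE intcustomerbasketid=".(int)$basketrow[0];
	$attributeresult=$n02586916_db->select($attributessql);
	$attributecount=is_array($attributeresult) ? count($attributeresult) : 0;
	for($at=0;$at<$attributecount;$at++) {
		//loop through attributes and insert into order attributes table
		$insertattrsql = "INSERT INTO `tblorderproductattributes` (intorderid,intorderproductid,intproductoptionid) VALUES (".(int)$orderid.",".$orderproductid.",".(int)$attributeresult[$at]['intproductoptionid'].")";
		$into=$n02586916_db->insert($insertattrsql);
		// delete attribute after insertion into order
		$delattr="DELETE FROM tblcustmerbasketattributes WHERE intid=".(int)$attributeresult[$at]['intid'];
		$descusattr=mysql_query($delattr);
	}
}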

// Write the two initial "Order Received" rows to the order status history.
// Both rows carry status id '1', the current time and editor 'Auto'; they differ
// only in intcustomernotify ('1' for the first row, '3' for the row the original
// comment labels "For Admin").
//insert order status history notes
$insertcust='INSERT INTO `tblorderstatushistory` (`intorderid`,`intorderstatusid`,`dtdateadded`,`intcustomernotify`,`varcomments`,`varedite`) VALUES ('.$orderid.",'1',NOW(),'1','Order Received','Auto')";
$sqlinsertforcustnoti=$n02586916_db->insert($insertcust);

// For Admin
$insert4admin='INSERT INTO `tblorderstatushistory` (`intorderid`,`intorderstatusid`,`dtdateadded`,`intcustomernotify`,`varcomments`,`varedite`) VALUES ('.$orderid.",'1',NOW(),'3','Order Received','Auto')";
$sqlin=$n02586916_db->insert($insert4admin);

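// clear basket
// Remove this customer's basket rows now that they have been copied to the order.
// The id is cast to an integer because it sits unquoted in the WHERE clause; a
// non-numeric value there could widen the DELETE beyond this customer's rows.
$del="DELETE FROM tblcustomerbaskets WHERE intcustomerid=".(int)$userid;
$delcusbas=mysql_query($del);
if($delcusbas===false) {
	// mysql_query() returns false on failure; record it instead of ignoring it so a
	// basket that was not cleared can be found later.
	error_log("Could not clear basket for customer ".(int)$userid.": ".mysql_error());
}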

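//email customer confirming order
// Sends an HTML confirmation containing the order id to the address stored on the
// customer record. Sender, site name and site URL come from the FROMEMAIL,
// SITENAME and WEBSITEURL constants defined outside this page.
$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.FROMEMAIL. "\r\n";
$sub="Order Confirmation for ".SITENAME;
$message="Thank you for choosing ".SITENAME."!
<br /><br />
We have received your order and payment has been completed.
<br /><br />
Your Order ID: ".$orderid."
<br /><br />
You can check the status of your order via the order tracking option on our website.<br />
<br />
--<br />
Thank you<br />
".SITENAME." Team<br />
<a href='".WEBSITEURL."'>".WEBSITEURL."</a>";
$memail = "<html><head><title>".$sub."</title></head><body>".$message."</body></html>";
// The recipient is a stored, customer-supplied value. An empty address or one that
// contains a line break is not passed to mail(), since a line break in the
// recipient could add extra header lines to the message.
if($varcustomeremailid=="" || preg_match('/[\r\n]/',$varcustomeremailid)) {
	error_log("Order confirmation not sent for order ".(int)$orderid.": stored customer e-mail address is empty or contains a line break");
} else if(!mail($varcustomeremailid,$sub,$memail,$headers)) {
	// mail() returns false when the message was not accepted for delivery.
	error_log("Order confirmation could not be handed to the mail system for order ".(int)$orderid);
}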

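//email admin notifying them about a placed order
// Looks up the store's order-notification address and sends a short HTML notice
// with the order id. The sender comes from the FROMEMAIL constant.
$adminemail = "SELECT varsendordertoemail FROM tblmystore";
$adminresult=$n02586916_db->select($adminemail);
// isset() covers a missing store row, where indexing the result would otherwise
// raise a notice and pass an empty recipient to mail().
$notifyaddress = isset($adminresult[0][0]) ? stripslashes($adminresult[0][0]) : '';

$headers  = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.FROMEMAIL. "\r\n";
$sub="Order has been placed";
$message="Order has been placed via our website.
<br /><br />
Order ID: ".$orderid."
<br /><br />
Please log into the admin panel and process the order<br />
<br />";
$memail = "<html><head><title>".$sub."</title></head><body>".$message."</body></html>";
// Only line breaks are rejected, not the address format, so a configured value
// holding several comma-separated recipients keeps working.
if($notifyaddress=="" || preg_match('/[\r\n]/',$notifyaddress)) {
	error_log("Admin order notification not sent for order ".(int)$orderid.": notification address is missing or contains a line break");
} else if(!mail($notifyaddress,$sub,$memail,$headers)) {
	// mail() returns false when the message was not accepted for delivery.
	error_log("Admin order notification could not be handed to the mail system for order ".(int)$orderid);
}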
?>			
			
			
			
			
			<p class="welcome style2" style="padding-left:15px; padding-right:10px; padding-top:15px;">Payment Complete</p>
            <div style="padding-left:15px; padding-right:10px;" class="font">
				Your order has been completed.  <br /><br />We will process and ship your order via your requested shipping method as soon as possible.  <br /><br />You can track your order status via the tracking option in the main menu.<br /><br />You have been emailed an order confirmation containing your Order ID.<br /><br />
            </div>
			</td>
		  </tr>
		</table>
    </td>
  </tr>
  <tr>
    <td><?php include "inc/bottom.inc.php"; ?></td>
  </tr>
</table>
</body>
</html>
